►
From YouTube: Kubernetes Community Meeting 20160602
Description
We have PUBLIC and RECORDED weekly video meetings every Thursday at 10am US Pacific Time.
https://docs.google.com/document/d/1VQDIAB0OqiSjIHI8AWMvSdceWhnz56jNpZrLs6o7NJY
Demo: kube-lego; 1.4 planning process; 1.3 release update
A
A
B
B
B
First,
we
couldn't
see
a
you,
can
get
the
sort
of
certificates
of
yet
different
challenges
and
yeah
so
like
there
are
four
different
challenges
that
you
can
use
to
verify
that
you
are
the
domain
validated
owner
for
domain
name
and
yeah,
so
I'm
only
using
the
HTTP
yet
just
because
of
simplicity,
one
thing
about
let's
encrypt,
so
they
they
have
like
in
a
user
account.
So
you
have
a
private
key
with
this
user
account
you
can
revoke
certificates
later
and
they
limit
the
maximum
certificate
lifetime
to
ninety
days.
B
So
now
I'm
not
too
sure
if
it's
gonna
work,
but
my
idea
was
to
just
prove
that
it's
not
prepared
too
much
before
so
that
certificates
are
generated
really
on
the
fly
within
the
demo.
I
asked
some
in
the
audience
if
they
could
point
like
their
private
sub
domain
via
a
cname
record
to
this
coop
lego,
dot
chat
stack
net.
B
So
if
you
could
do
that,
it
would
be
perfect
because
that
will
show
yet
just
that.
It's
really
really
life
happening,
the
issuance
of
the
certificates,
I've
posted
it
to
the
children
chat
and
soon
to
everyone,
the
the
cname
destination.
And
maybe,
if
you
could
post
your
remain
back,
then
I
can
try
it
in
the
minute.
B
Sure
so
one
important
resource,
and
rather
a
new
resource,
is
the
the
ingress
resource
and
kublai
go
watches
the
ingress
resource
yeah
just
to
know
which
certificates
should
be
there.
The
ingress
resources
meant
yeah
to
contain
the
rules,
how
external
clients
can
access
services
in
the
cluster
and
yeah.
B
So
it's
from
my
point
of
view
mainly
focused
on
HTTP
right
now,
so
you
can
point
certain
virtual
hosts
two
years
in
kubernetes
service,
there's
one
important
difference
compared
to
the
to
the
service
object,
which
actually
implementation
is
contained
in
the
true
proxy
for
service,
for
example,
and
with
integration,
load,
balancers
and
blah
blah.
But
ingress
has
no
no
control
in
the
kubernetes
core,
so
you
need
like
a
custom
controller
for
it.
So
there
are.
A
B
The
country
repository
as
there
exist
a
few
controllers
so
just
to
name
one
nginx
and,
for
example,
you
can
use
the
GCE
forwarding
rules
for
my
demo.
I'm
gonna
use
nginx,
so
the
whole
cluster,
the
demo
class,
runs
in
AWS
and
I'm
just
breaking
on
layer
4.
That
means
so.
The
EO
B's
handle
only
TCP
and
nginx
handles
the
encryption
and
everything
beyond
that.
On
top
of
that,
so
I've
prepared
a
little
architecture
overview
with
the
resources
involved.
B
So
I
have
like
the
ingress
resource
of
my
hello
world
application,
which
references,
a
TLS
secret
and
the
actual
service
that
should
be
seen
publicly
and
quite
similarly,
I
have
my
cube
layer.
Application.
There's
should
be
only
one
pod
running
and
it
contains
the
service
to
be
accessible
and,
at
some
point,
an
ingress
rule.
B
The
ingress
rule
is
managed
by
cube
layer
itself,
and
we
will
see
it
right
now,
so
I
am
I'm
just
showing
one
flow
so
soon
as
kublai
guy
runs,
it's
gonna
watch
changes
an
ingress
object
and
yet
just
to
get
the
host
names
that
should
be
available
via
TLS,
so
as
soon
as
it
recognizes
the
need
for.
For
a
new
certificate,
so
it
checks
if
the
referenced
secret
exists
or
if
it's
expired
or
not,
containing
all
the
domain
names.
B
A
B
B
We
see
I'm,
just
an
engineer
secret,
nothing
else
and
we
see
no
ingress
objects
and
services
for
the
pots
we've
created
so
now,
I'm
gonna
start
and
create
a
conflict
map
for
kublai,
go
the
service
to
make
it
available
publicly
and
a
deployment
just
to
deploy
one
part,
so
that
works
pretty
well.
If
you
look
at
the
status
yeah,
we
see
the
container
is
running.
Now
we
have
the
new
service
as
well,
so
we
can
continue
with
the
ingress
object
for
our
echo
server.
B
So
just
first
I'm
gonna
use
this
demo
URL
and
then
I'm
gonna.
Add
your
cname
Sarah.
So
right
now,
if
I'm
calling
the
domain
name,
it
should
return
a
404
yeah.
Thus,
and
now
I'm
gonna
create
the
the
ingress
rule
and
then
we
should
see
the
output
from
the
echo
server.
So
that's
an
ingress
rule
without
TLS
enabled
I'm
gonna
run
an
apply
now,
so
we
have
the
ingress
here
and
we
should
be
able,
with
a
curl,
to
get
now
to
a
non
404
output.
B
Something
no
it's
there.
So
here
is
the
echo
output
from
the
from
back-row
service,
and
now
the
interesting
thing
happens.
So
I'm
gonna
reconfiguring
the
the
ingress
object
with
this
annotation.
That
just
means
kublai
girl.
Look
at
this
ingress
resource
and
yeah
enable
for
the
demo
hostname
the
TLS
and
specify
a
secret
name
so
I'm
doing
now
to
apply
again
that
the
changed
object,
and
now
we
can
see
two
creates
a
separate
ingress
object
that
contains
the
as
well
down
path
where
the
challenge
happens.
B
That's
not
a
Kublai,
the
log
output
we
gonna
get
the
certificate
breakfast
through.
We
are
let's
encrypt
so
right
now
the
the
Kublai
go
demon
does
sort
of
a
soft
check
if
it
can
reach
itself,
so
that
had
happened
before
so
like
with
this
testing
reach
ability
of
the
end
point
and
as
soon
as
the
reach
ability
worked,
it
actually
requested
it
from
from
let's
encrypt
and
that's
the
end,
it's
shown
the
private
keys
and
look
at
it,
and
now
the
object
should
be
there.
B
B
B
Okay,
so
I'm
not
pointing
any
kind
of
application
behind
it,
so
it
doesn't
really
matter
I'm
just
now
applying
the
ingress
object
which
should
trigger
the
adding
of
the
the
other
challenge.
End
point
and
if
I
look
at
the
crew
blogger
output,
it's
now
actually
already
recognized
and
try
to
find
or
try
to
get
the
self-check
running.
So
it's
still
getting
a
404.
That
just
means
nginx
hasn't
reconfigured.
Yes,
and
it's
like
yeah.
Now
it's
opening,
so
the
check
worked.
We
got
the
validation
through
the
certificate
this
year.
B
A
B
A
A
Well,
thank
you
and
I'm
sure
people
reach
out
if
they've
got
questions
so
I'm
gonna
hop
on
to
the
next
item,
because
we
are
running
just
a
little
bit
behind
and
I
know
that
David
is
trying
to
catch
a
plane.
So
David
are
on
Chika's
for
you
to
talk
a
little
bit
about
the
grand
plan
about
planning,
1.4,
hey.
A
C
C
C
Week,
so
the
plan
is
right.
Now
what
we'd
like
to
do
is
get
nominees.
You
can
nominate
yourself,
I'll,
be
sending
out
requests
to
Cooper
that
he's
dead
for
people
to
nominate
themselves
to
be
part
of
a
community
p.m.
group
which
will
help
to
close
this
process
down
once
we
identify
those
people
and
all
agree
that
the
flow
is
what
we
agree
to,
we
will
agree.
C
We
will
basically
go
forward
with
that
flow
as
a
proposal
and
that
flow
might
look
like
you
have
to
submit
a
proposal
to
the
feature
repo
that
needs
to
be
voted
on
their
needs
to
be
you
know,
testing
or
or
issues
associated
with
that,
so
on
and
so
forth.
I
won't
detail
all
that
there
there's
a
quite.
C
I
will
share
with
you
after
this
call
and
in
the
notes
and
then
again
on
email,
both
the
feature
proposal
and
the
feature
repo,
but
I
would
like
to
say
by
the
end
of
next
week.
That's
next
Friday
to
identify
everyone
who
would
like
to
be
part
of
the
community
p.m.
brick,
it's
not
to
say
we're,
locking
it
down.
People
can
nominate
themselves
at
any
time,
but
that
said
by
that
point,
if
you
haven't
nominated
yourself,
you
know
joined
our
list
and
voted
on
the
proposal.
C
A
C
A
D
A
Has
not
yet,
but
he
is
referencing
the
feature,
repo
discussion
that
we
had
a
few
weeks
ago
from
Erik
Paris's
recommendation
that
we
separate
all
out
feature
issues
future
definitions
instead
of
workflow
within
that
out
in
its
own
repo,
so
that
we
can
have
more
broad
access
and
Ackles
given
so
that
people
can
say
triage
things,
update
issues
more
accurately
label
them
that
kind
of
stuff.
So
it's
an
extension
of
that.
Okay.
D
D
Sure
so,
release
1.3
update
so
quick
check
in
on
the
four
sort
of
key
blocking
features
we
called
out.
So
the
first
is
clock
cross
cluster
service,
Federation,
otherwise
known
as
uber
Nettie's
are
part
of
uber
Nettie's
there's
one
remaining
PR.
It
is
about
AWS
integration,
it
has
LG
TM
and
it's
just
going
to
the
process
of
getting
tests
working
in
merged
and
then
a
few
ete
tests
need
to
be
added,
but
that
is
finally
an
it's
sort
of
last
throes.
D
So
second
features
stateful
application,
support,
otherwise
known
as
pet
set.
That
is
finished.
All
code
is
in
as
an
alpha
feature,
scalability
towards
2,000
nodes
to
serve
the
third
high-level
feature,
and
that
work
is,
is
all
done
and
scaling
towards
2,000
and
testing
is
ongoing.
And,
lastly,
the
44th
feature
is
the
distributed
test.
Dashboard
and
actually
Eric
theta
from
Google
sent
out
an
email
to
communities
Deb
earlier
today.
That's
now
live
at
test,
kate's
io
and
it
is
very
cool.
D
If
is
a
visual
indication
of
all
the
tests
that
are
run
inside
Google
and
whether
or
not
they
passed
or
failed,
so
you
can
sort
of
see
visually
how
things
are
looking
across
all
the
different
test,
Suites
and
across
time,
as
well
as
it
supports
uploading
test
results
from
third
parties
to
be
displayed
in
the
same
dashboard.
So
we
have
some
I
believe
it's
adhere
and
rocket.
Nettie's
already
have
tests
being
run
outside
Google
and
the
results
are
being
uploaded
and
displayed
alongside
it.
D
So
that
is
the
latest
good
news
and
that's
how
that
one
is
done
so
that
was
sort
of
a
pass
over
the
the
key
features
for
one
three,
or
at
least
the
headliner
ones
in
terms
of
timeline.
That's
the
next
thing
to
talk
about
before
you
go
on
question
yeah,
then,
can
you
point
to
a
single,
cohesive
description
for
what
the
pet
set
feature
is,
so
this
came
up
last
week
as
well
and
yes,
we
will
obviously
a
documentation
that
will
be
written
over
the
next
couple
weeks
before
we
launch.
Is
that
sufficient?
C
D
That
is
not
sufficient.
Okay,
you
cannot
actually
quite
discern
for
a
meeting
260.
What
what
done
would
be?
Okay,
in
that
case
I.
Don't
personally
know
if
we
have
that
doc
in
one
place,
I
can
go,
who
try
to
dig
in
some
men
along
though
okay
I
mean
I
I,
think
I'm
just
making
sure
that
it
isn't
hiding
somewhere
that
people
can't
find
as
opposed
to
not
existing,
and
it
sounds
like
it's
not
existing.
So
writing
in
grant
just
said
in
that
there
isn't
a
doc
yet
hey.
D
I'm,
just
not
I,
guess
I,
so
something
is
done.
It's
not
clear
what
done
is
and
I'm
just
wondering
how
we
know
that
the
features
that
is
complete
if
there
isn't
a
single,
cohesive
description
of
what
the
feature
set
is
but
I'll
I
don't
want
to
belabor
this
too
much
but
I
think
for
it
to
be
done.
We
have
to
figure
out
whether
what
done
is
you
know
no
I
mean
it's.
It's
a
fair
point
for
sure.
A
Brian
is
also
reminding
us
that
this
is
the
alpha
version
of
it,
so
it's
not
feature
complete
and
it
is
the
first
underpinnings
of.
But
yes,
your
point
is
well-taken
that
there
needs
to
be
a
PR
D.
There
needs
to
be
documentation.
That
says
what
we
think
this,
what
we
think
we
have
accomplished
and
what
we
will
be
accomplishing
going
forward.
Well,.
D
A
This
is
part
of
why
we
are
we
pulling
together
this
whole
product
team
and
plan,
and
indeed
indeed
so,
on
the
plus
side,
we've
improved
between
1.1
and
1.2
and
1.2
and
1.3,
and
we're
going
to
keep
continuing
in
that
process,
and
in
that
vein,
so
I
know
Bob.
You
also
volunteered
your
time
and
or
someone
from
your
team's
time
to
help
on
that.
So
thank
you.
Yep
awesome.
D
Yes,
the
next
thing
is
just
timeline
of
what
remains
for
1.3.
We
have
three
weeks
and
one
day
until
our
launch
date,
which
we
set
for
June
24th
a
while
back
and
things
appear
to
still
be
on
track.
We
held
a
pretty
hard
line
on
feature
complete
and
that
does
seem
to
be
paying
dividends
as
we
go
burned
down
the
rest
of
the
milestone.
So
the
way
those
three
weeks
are
gonna
look
is
we
will
branch
and
release
a
beta
Alfons?
D
D
The
launch
will
then
be
two
weeks
from
next,
so
from
June,
tenth
launching
to
June
24th.
Well,
we
will
go
out
the
door
we
are
having
I
think
it's
been
mentioned
in
this
meeting.
The
last
few
weeks,
though
I
haven't
been
here,
we're
having
these
milestones
burned
down,
meetings
that
anyone
is
invited
to.
A
A
A
We'll
do
this
quietly
doesn't
sound
like
it.
Okay.
Well
then,
I
have
one
last
issue
of
administrivia,
which
is
I,
don't
see
anyone
that
I
don't
recognize
on
here
and
for
whom
this
is
a
much
more
convenient
time.
So
is
there
anyone
from
say
China
or
Japan
or
Hong
Kong,
for
whom
this
is
a
better
time
today,.
A
A
Does
that
any
bit
second,
video
fantastic?
Well,
then,
he
longs
raising
his
hands
yay
waving,
okay,
fantastic!
Then
I
will
say
that
this
was
a
lovely
and
important
experiment,
but
that
we
don't
have
a
lot
of
people
from
the
time
zones
where
this
is
a
lot
more
convenient
and
we
will
go
back
to
10:00
a.m.
regularly
until
we
hear
something.
Otherwise
does
anybody
have
anything
else
they
want
to
cover,
or
do
we
get
a
half
hour
of
our
life
back.
A
Alright,
then
have
a
great
week.
We
will
give
more
updates
about
the
1.4
planning
process
next
week
there
will
be
emails
about
it,
recommending
that
people
nominate
themselves
each
other
friends
family,
all
of
that
and
and
follow
up
with
topics
for
next
time.
All
right
have
a
lovely
Thursday
evening
and
I
will
see
you
all
in
a
week.